package com.wlj.security;

import com.wlj.security.core.authorize.AuthorizeConfigProvider;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

//order:越大的越后加载
//为了保证下面的anyRequest配置在最后读取
@Component
@Order()
public class DemoAuthorizeConfigProvider implements AuthorizeConfigProvider {
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {

        config.antMatchers("/user/regist","/css/*","/img/*","/js/*","/favicon.ico","/fonts/*",
                "/social/signUp","/login").permitAll();
        config.anyRequest().access("@rbacService.hasPermission(request,authentication)");
    }
}
